Senior Staff Application Security Engineer

Ridgeline is on the hunt for an experienced Senior Staff Application Security Engineer to help us build out our high trust software platforms.  As a Senior Staff Application Security Engineer at Ridgeline, you will be directly responsible for ensuring security across Ridgeline’s application platforms and product lines.  

This role involves partnering with DevOps, Engineering, and Development teams to architect, develop, and implement secure solutions from the ground up. You will own, drive, and teach application security best practices, methodologies, and ensure that  our application security strategy meets or exceeds industry standards.  You have a strong passion for all things application security and strive to show real impact through effective automation and processes.  You are an expert at owning your craft, but also understand success comes through empathy and teamwork.

This role can be hybrid near one of our offices or remote.

What You’ll Do:

• Ensure the security of Ridgeline products through development and deployment of security controls within CI/CD pipelines
• Review and test Ridgeline applications for security vulnerabilities 
• Track the latest developments in application vulnerability research
• Have the ability to develop or adapt custom tooling to solve new business needs
• Have the ability to build positive relationships with engineering teams to drive software products to a mature security state
• Provide in-depth analysis on secure coding practices and trends across the organization
• Think creatively, own problems, seek solutions, and communicate clearly along the way
• Contribute to a collaborative environment rooted in learning, teaching, and transparency

Who You Are & What Makes You Qualified:

• 10+ years experience in software development or application security roles
• Bachelors in Computer Science or related discipline, or relevant professional experience
• Strong background in building and deploying security platforms into CI/CD pipelines such as Static Analysis, Dynamic Analysis, and Open Source Security platforms
• In-depth understanding of application-level vulnerabilities, common attack vectors, and how to resolve them at scale
• Strong development experience in at least one high-level programming language, Python experience preferred
• Hands on penetration testing experience with a specific emphasis on web application, API, or mobile assessments
• Ability to quickly comprehend and digest application designs with an attacker’s mindset.
• An aptitude for problem solving
• Ability to communicate effectively
• Serious interest in having fun at work

Nice-to-Have's:

• Familiarity with AWS platform, specifically IAM, Lambda, container services, and AWS deployment pipelines
• Experience driving security at scale through programs encouraging and training security minded Developer liaisons
• Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications

About Ridgeline

Ridgeline is the industry cloud platform for investment management. It was founded in 2017 by visionary tech entrepreneur Dave Duffield (co-founder of both PeopleSoft and Workday) to apply his successful formula of solving operational business challenges with bold innovation and human connectivity to the unique needs of the investment management industry.

Ridgeline started with a clean sheet of paper and a deep bench of experts bound by a set of core values and motivated to revolutionize an industry underserved by its current tech offerings. We are building a new, modern platform in the public cloud, purpose-built for the investment management industry and we are prioritizing security, agility, and usability to empower business like never before.

Headquartered in Lake Tahoe with offices in Reno, NV and Manhattan, Ridgeline is proud to have built a fast-growing, people-first company that has been recognized by Inc. Magazine, Glassdoor, and Northern Nevada as a “Best Place to Work” and by LinkedIn as a “Top U.S. Startup.”

Ridgeline is a community-minded, discrimination-free equal opportunity workplace.

Ridgeline processes the information you submit in connection with your application in accordance with the Ridgeline Applicant Privacy Statement. Please review the Ridgeline Applicant Privacy Statement in full to understand our privacy practices and contact us with any questions.

COVID-19 Policy

Ridgeline requires all new hires to verify that they are fully-vaccinated against COVID-19, consistent with applicable law. Candidates who are not vaccinated due to a sincerely held religious belief, medical reasons, or other legally-protected reason should contact Ridgeline to explore what, if any, reasonable accommodations or exemptions Ridgeline is able to offer.